Go To Namecheap.com
Security & Privacy

Google is Changing How it Treats SSL

Google has been on a mission recently to get websites to adopt SSL. You may recognize sites with SSL certificates: they’re the ones that start with https:// instead of http://. When a site uses SSL, information that’s passed to that site’s server remains private.
To incentivize website owners to adopt SSL, Google has done two things. First, it uses the presence of an SSL certificate as a ranking signal. Second, it adds a positive designation in the address bar of the Google Chrome browser when you visit a site that uses SSL and, at the same time, adding a warning notice for sites that do not.

What’s changing

Google is making a change to how its popular Chrome browser identifies secure sites. Instead of focusing on pointing out that a site is secure, it will begin focusing instead on when a site is not secure.
In the image below, the first address bar shows how sites with a Domain Validated (DV) certificate look right now. They get a green padlock symbol and the word “Secure.”
When Chrome version 69 arrives in September, this will be downgraded to only show a black padlock. Eventually, sites with SSL will not show any security symbol whatsoever.
image of how SSL will reflect in address bar
As the positive identifiers go away, Chrome will adopt a stronger warning on sites that don’t have SSL.
Sites without an SSL certificate currently show a black “Not Secure” message in Chrome. Beginning with Chrome version 70 in October, this message will become red with a warning sign when someone enters data on the site, such as filling out a comment form.
Here’s a graphic from Google that demonstrates this:
Graphic that shows how Google treats sites that are not secure

Why the Change?

Google says that there were too many sites without SSL previously to mark them with a strong red warning. As SSL adoption grows, Google wants people to think of sites as secure by default and instead focus on warning visitors when a site does not have SSL.
Although they didn’t mention it, Google might also have another reason for the change. People tend to see the green padlock and “secure” notice at the top of websites and think that the site is safe. While it’s true that the data you submit on sites with https:// is securely transferred to the server, that doesn’t mean that the owner of the site isn’t a bad actor. For example, a “typo domain” used for phishing can easily get an SSL certificate.

What You Should Do

If you haven’t added an SSL certificate to your website, now is the time to do so. It’s possible you are already scaring off website visitors by not having one.
Don’t worry if you aren’t tech savvy; there are many resources out there for installing SSL certificates. Be sure to check out the Namecheap FAQs for more info.
SSL certificates are also much cheaper than they used to be. You can order an SSL certificate from Namecheap for less than the cost of most domain names!

Was this article helpful?
Andrew Allemann avatar

Andrew Allemann

Andrew is the founder and editor of Domain Name Wire, a publication that has been covering domain names since 2005. He has personally written over 10,000 posts covering domain name sales, policy, and strategies for domain name owners. Andrew has been quoted in stories about domain names in The Wall Street Journal, Washington Post, New York Times and Fortune. More articles written by Andrew.

More articles like this
Next Post

Why You Need Premium DNS for a More Secure Site

Read More